<img src="https://certify.alexametrics.com/atrk.gif?account=b2hlr1ah9W20em" style="display:none" height="1" width="1" alt="">
    Login
    Get started

    7 ways to safeguard data subject rights under GDPR

    Published on 22 Dec 2017 by Lynne Callister

    data subject rights under GDPR

    The Information Commissioner's Office (ICO) is warning firms that they must respect individuals' rights to prevent their data being used for marketing purposes.

    When marketing you need to stay GDPR compliant

    • True Telecoms Ltd was fined £85,000 for repeatedly calling people who were registered with the Telephone Preference Service over a two-year period despite being warned not to do so
    • The firm continued to make calls even when people specifically asked them not to
    • The ICO dealt with over 200 complaints in that time - it had told firms that there is no excuse for making nuisance calls to people who have asked not to receive them
    • The General Data Protection Regulation (GDPR) came into force on 25th May 2018 and reinforces this right

    Steps to safeguard data subject rights under GDPR when marketing:

    data subject rights under GDPR

    1. Make appropriate disclosures to data subjects via privacy notices - so they know who is collecting their information, what it will be used for, whether it will be shared with other organisations and when.
    2. Inform data subjects upfront of their right to object to data processing - via privacy notices and in your first communications with them.
    3. Get clear, explicit and unambiguous consent from individuals for any marketing activity - pre-filled boxes, silence or inactivity cannot be taken as a sign of consent. Remember that there are special rules that apply to children's data.
    4. Implement a process - to ensure that whendata subjects change their mind and withdraw consent to marketing, they are not contacted in future and their wishes are respected.
    5. Honesty is the best policy - encourage everyone to report any data loss, theft or accidental transfer promptly. Cover ups can be costly under GDPR.
    6. Have a process to notify the data authority and data subjects if there is a high risk to their rights or freedoms - We have just 72 hours to notify the data authority of a data breach and those affected if there is a high risk to their rights or freedoms. There are significant penalties (€10 million or 2% of global annual turnover) if we don't.
    7. Only use 'clean' data lists from approved and trusted data suppliers - make sure any in-house lists you use for direct marketing do not contain the names of anyone registered with the Telephone Preference Service (TPS) or Corporate Telephone Preference Service (CTPS).

    Want to know more about GDPR?

    As well as 30+ free compliance training aids, we regularly publish informative GDPR blogs. And, if you're looking for a training solution, why not visit our GDPR course library.

    If you've any further questions or concerns about GDPR, just leave us a comment below this blog. We are happy to help!

    Leave a comment

    Tick

    Free Trial: Compliance Essentials

    Skillcast Essentials is our best-selling library and there's a reason for that. Essentials library provides comprehensive coverage of the key compliance / conduct issues that companies in the UK face today.

    Request now

    What are the Best Workplace Learning Theories?

    Learning theories have been developing for decades, each has their own merits. We look at six of the most well established theories to explain how you can use them to improve outcomes. When designing ...

    Read More
    Biggest GDPR Fines of 2019

    Penalties for breaching the GDPR can reach up to €20 million or 4% of annual global turnover, whichever is highest. We examine the size and reasons for the biggest GDPR fines of 2019. Ever since ...

    Read More
    Highest FCA Fines of 2019

    The FCA issued a record total of £392 million in fines in 2019. In fact, the two largest fines in 2019 were larger than the 2018 totals. We've analysed they key corporate and individual fines in ...

    Read More
    Why a Blended Approach Drives Engagement & Learning Outcomes

    It is critical that you provide training that engages your learners, but should that be face-to-face, e-learning, mentoring or something else? We explain how to blend for success... Whilst compliance ...

    Read More